#!/bin/bash

# This script fixes the Nginx configuration

# Load environment variables
if [ -f .env ]; then
    source .env
else
    echo "Error: .env file not found. Please create it based on .env.example."
    exit 1
fi

# Check if sshpass is installed
if ! command -v sshpass &> /dev/null; then
    echo "Error: sshpass is not installed. Please run 'sudo apt-get install sshpass' first."
    exit 1
fi

# Set SSH command with password
SSH_CMD="sshpass -p $SERVER_PASSWORD ssh -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP"

echo "Fixing Nginx configuration..."

# Create a temporary file with the complete configuration
cat > nginx-fix.conf << 'EOF'
server {
    server_name boilerhaus.org;

    root /var/www/boilerhaus.org;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }

    # Managed by Certbot
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/boilerhaus.org-0001/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/boilerhaus.org-0001/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

# Nextcloud configuration
server {
    server_name cloud.boilerhaus.org;

    # Proxy to Nextcloud
    location / {
        proxy_pass http://localhost:8081;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        
        # Increase timeout for long-running operations
        proxy_connect_timeout 600;
        proxy_send_timeout 600;
        proxy_read_timeout 600;
        send_timeout 600;
        
        # WebDAV support
        client_max_body_size 512M;
        
        # Enable WebSocket support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    # Managed by Certbot
    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/boilerhaus.org-0001/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/boilerhaus.org-0001/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = boilerhaus.org) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    listen [::]:80;
    server_name boilerhaus.org;
    return 404; # managed by Certbot
}

server {
    if ($host = cloud.boilerhaus.org) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    listen [::]:80;
    server_name cloud.boilerhaus.org;
    return 404; # managed by Certbot
}
EOF

# Upload the temporary file to the server
sshpass -p "$SERVER_PASSWORD" scp -o StrictHostKeyChecking=no nginx-fix.conf $SERVER_USER@$SERVER_IP:/tmp/

# Backup the current configuration
$SSH_CMD "sudo cp /etc/nginx/sites-available/boilerhaus.org.conf /etc/nginx/sites-available/boilerhaus.org.conf.bak.$(date +%s)"

# Replace the configuration
$SSH_CMD "sudo cp /tmp/nginx-fix.conf /etc/nginx/sites-available/boilerhaus.org.conf"

# Test the Nginx configuration
$SSH_CMD "sudo nginx -t"

# Reload Nginx if the configuration is valid
$SSH_CMD "sudo systemctl reload nginx || sudo systemctl restart nginx"

# Clean up
rm nginx-fix.conf

echo "Nginx configuration fixed! cloud.boilerhaus.org should now point to your Nextcloud instance."